RVS4000 IP Access Lists

Answered Question
Jan 11th, 2010

Hello all,

I am trying to block access from 1 VLAN to another without disabling InterVLAN routing.

In my access list entry I have the following:

Deny ALL protocols, Source interface LAN; Source Address Network 192.168.8.0/24 (VLAN I wish to block); Destination Address Network 192.168.1.0.

It looks like this should work; however, hosts from the 192.168.8.0 network can access the 192.168.1.0 network. If I disable InterVLAN routing, it blocks traffic between the VLANs as you would expect. In the future I plan to have another VLAN that I do wish to route between VLANs.

Any help would be appreciated,

Thanks!

Brian

Correct Answer
Te-Kai Liu Wed, 01/13/2010 - 08:14

The IP-based ACL of the RVS4000 is designed to restrict the traffic between LAN and WAN (bidirectional), but not the inter-VLAN traffic. So the scenario is not supported, unfortunately.

bmangan83 Wed, 01/13/2010 - 08:26

Thanks for your help. It is too bad that feature is not supported in this router. Is this something that is being considered for the future?

Have a great day!

Brian

Te-Kai Liu Wed, 01/13/2010 - 08:40

To support the scenario you described, you might want to take a look at the SA500 series such as SA520.

For RVS4000, I will pass your request on to the product team for consideration.

I was told that RVL200, which also supports inter-VLAN routing and IP-address based Access Rules, can support the scenario you described.
